Monday, July 14, 2025

How to be more agile TODAY

Hi Appraiser

I'm having some trouble. My boss keeps telling me to be 'more Agile.' what does that even mean? And how can I make an immediate turn toward Agility?  ~Walter Fall 

HI Walter,

We hear it all the time: "Be more agile!" But what does that really mean, and how can we actually start implementing it today?

Well, you're in luck, I've got three practical steps you can take right now to embrace agility.


On Airplanes and Agile

  1. Involve Your Customer More Closely

The foundation of any successful agile project is a deeply involved customer. By integrating your customer as a product owner who can speak for the project, you're setting yourself up for success. If your customer isn't part of the team and doesn't have a voice in the project, it's like building a house without blueprints or feedback—you may end up with something you didn't expect.

  1. Empower Teams to Define Their Processes

Agile isn't about sticking rigidly to one process; it's about evolution and improvement through retrospectives. Allow your teams the autonomy to define and refine their processes throughout the project. As they learn and adapt, so too will the processes, resulting in a more efficient and responsive way of working.

  1. Clearly Define Roles and Accountabilities

Nothing steers a project off course quicker than uncertainty about roles and responsibilities. By clearly defining these at the outset, you give your team members the authority and responsibility to make decisions. This empowerment reduces the need for senior management intervention and streamlines the decision-making process, leading to a more agile project.

Implement these three steps, and you'll start feeling more agile right away.

Like this blog? Forward to your nearest engineering or software exec!

Jeff Dalton is a Certified Lead Appraiser, Certified CMMI Instructor, author, and consultant with years of real-world experience with the CMMI in all types of organizations. Jeff has taught thousands of students in CMMI trainings and has received an aggregate satisfaction score of 4.97 out of 5 from his students.

What is CMMI?

Visit www.broadswordsolutions.com for more information about running a successful CMMI program. Visit CMMI-TV to see some cool videos about CMMI, Agile, and more.

Monday, June 30, 2025

What Are the Different Levels of CMMI?

Hi Appraiser,

What happens when a customer requests that we become CMMI level three, or even level five? It's often hard to see the differences, right?

Signed,

Confused About the Difference. Hi Confused!

Actually, the distinctions between the Capability Maturity Model Integration (CMMI) levels are quite meaningful. Each level represents a progression of capabilities through the adoption of organized best practices within the organization's processes.

Let’s break it down:

Level 1: Initial

This is the foundational stage where the focus is purely on getting the work done. Organizations operating at this level may do a good job but aren’t necessarily focused on strategic processes or continuous improvement.

Level 2: Managed

At this stage, projects begin to organize around more structured process frameworks. There’s an emphasis on ensuring that project activities are being properly managed and measured, signaling the beginning of continuous improvement efforts.

Level 3: Defined

Organizations at this level are taking a broader view, applying established processes across projects. There's a consistent use of enterprise metrics and regular adoption of continuous improvement techniques to enhance performance.

Level 4: Quantitatively Managed

Here, the use of statistical models comes into play, underpinning performance improvements through data and metrics. This level reflects a sophistication in process management, where decisions are informed by hard data.

Level 5: Optimizing

The pinnacle of CMMI maturity, where statistical process models are applied across all facets of the organization. This ensures continuous improvement processes are deeply embedded, leveraging data for overall organizational benefit.

From Level 1 to Level 5, it’s an evolutionary journey for organizations to mature their processes, aiming to maximize efficiency and effectiveness by utilizing data and structured practices.

Like this blog? Forward to your nearest engineering or software exec!
Jeff Dalton is a Certified Lead Appraiser, Certified CMMI Instructor, author, and consultant with years of real-world experience with the CMMI in all types of organizations. Jeff has taught thousands of students in CMMI trainings and has received an aggregate satisfaction score of 4.97 out of 5 from his students.

What is CMMI?

Visit www.broadswordsolutions.com for more information about running a successful CMMI program.
Visit CMMI-TV to see some cool videos about CMMI, Agile, and More.

Thursday, June 26, 2025

How CMMI can help with CMMC (and ISO) adoption

How CMMI V3.0 Could Help You Conquer CMMC V2.0 (Without Losing Your Sanity)

* Disclaimer: Jeff Dalton is a board member at CyberAB, and is precluded from delivering CMMC-related services for a period of 2 years after his term has ended.  Broadsword neither sells nor markets CMMC services.


Struggling to maintain all of your government CERTS?

Okay, folks. Imagine this: You’ve just heard that the Cybersecurity Maturity Model Certification (CMMC) V2.0 is the latest must-have accessory for any defense contractor or supplier who wants to stay in the game. You might be thinking, “How do I make this work with all the other processes and certifications I already have?” Enter CMMI V3.0—the superhero of process improvement, here to help you survive this new world of cybersecurity compliance, without turning into a stressed-out puddle of nerves.

Here’s how CMMI could help you implement CMMC V2.0 like a pro—without the crying and hair-pulling.


1. Aligning Business and Cybersecurity: Because Who Wants to Juggle Two Different Worlds?

  • CMMI V3.0: This guy is all about linking process improvements to business outcomes like customer satisfaction, productivity, and those mythical things we call "efficiency."

  • CMMC V2.0: This one’s a bit more intense. Based on NIST 800-171, It’s got your back when it comes to safeguarding Controlled Unclassified Information (CUI). No one's stealing your secrets, buddy.

How CMMI V3.0 Can Help: Wouldn't it be nice if you didn’t have to choose between your business goals and cybersecurity? CMMI V3.0 can help you connect the dots between the two. It’s like setting up a dating profile for your business and cybersecurity goals. “Looking for mutual understanding, growth, and lots of collaboration.” CMMC's cybersecurity goals would seamlessly integrate into your broader strategy without breaking a sweat. Romantic, right?


2. Scalable Maturity Models: Because We All Want to Get Better, but Not Overnight

  • CMMI V3.0: Offers five levels of maturity, from “meh” to “wow, look at you go!” It’s a process of gradual improvement, one awkward baby step at a time.

  • CMMC V2.0: Same deal, but three levels—everything from “basic hygiene” (no, not THAT hygiene) to “advanced security practices” (aka your cybersecurity is so tight even James Bond would be impressed).

How CMMI V3.0 Can HelpCMMI V3.0 would let these two frameworks walk hand-in-hand, like an ideal couple. As your organization matures in CMMI, you can simultaneously level up your CMMC compliance. It’s like getting a gym buddy who shows up every day. Together, you’ll get stronger, more secure, and less likely to collapse in a heap.


3. Integrated Governance: For When Your Company Needs a Little “Tough Love”

  • CMMI V3.0: Governance is all about creating clear, documented processes and making sure everyone is following the rules. It’s like having a really strict librarian who checks over your shoulder to make sure you’re reading the right book.

  • CMMC V2.0: Requires you to establish strict governance over your cybersecurity efforts too. No, this doesn’t mean you get to be the "cybersecurity sheriff" at the office (but imagine the badge!).

How CMMI V3.0 Can Help: Imagine having the ultimate “cybersecurity watchdog” at your disposal. With CMMI V3.0, you get shiny new tools—like real-time dashboards and audit trails—that help keep track of all your compliance activities without breaking a sweat. No more scrambling through piles of paper or scrolling through endless email chains trying to prove you’ve got your act together.


4. Process Improvement for Cybersecurity: Because Even Cybersecurity Needs a Tune-Up

  • CMMI V3.0: This model is about making things work better. Think: better risk management, incident management, and configuration management. It’s like fixing up an old car—just with more spreadsheets.

  • CMMC V2.0: It’s the fancy new sports car that needs to be carefully maintained with precise cybersecurity practices. If something’s off, you’ll know it!

How CMMI V3.0 Can Help: You don’t need to treat CMMC like some separate thing. CMMI V3.0 would help you integrate cybersecurity directly into your everyday process improvement. It’s like having a mechanic who can not only fix the engine but also make sure it’s well-oiled for maximum performance. Incident management? Risk assessment? Check and check. You’ve got it all covered!


5. Documentation and Evidence: Because You Can’t Just Say You Did It (Spoiler: You Have to Prove It)

  • CMMI 3.0: We all know that good documentation is key—plans, procedures, metrics. Without it, you’re just a business without a paper trail. And that’s basically like being a superhero without a cape.

  • CMMC V2.0: You gotta document everything. Every incident response. Every access log. Every cybersecurity procedure, like you're preparing for a NASA mission.

How CMMI V3.0 Can Help: Imagine if CMMI V3.0 made documentation as easy as taking a selfie. (Okay, maybe not that easy, but close.) By helping you integrate cybersecurity documentation with your regular process improvement docsCMMI V3.0 would make it a breeze to collect and organize the evidence you need for CMMC audits. No more scrambling at the last minute. You’ll look like the most organized person in the room. You're welcome!


6. Employee Training and Awareness: Because You Can’t Just Tell People, You Gotta Show Them

  • CMMI V3.0: Employee training is crucial. It’s like teaching your team the secret sauce of success—processes that everyone needs to follow to improve the company.

  • CMMC V2.0: If you think employee training for CMMI is tough, try training them in cybersecurity. We’re talking about protecting CUI, not the company coffee machine.

How CMMI V3.0 Can Help: Instead of making training feel like a boring lecture on a Friday afternoon, CMMI V3.0 could offer training modules that help employees learn about cybersecurity while also mastering process improvement. It’s a win-win—your team gets smarter about both CMMI and CMMC without the pain of attending yet another workshop.


7. Real-Time Monitoring and Feedback: So You Don’t Have to Guess How You’re Doing

  • CMMI V2.0: Gives you feedback in real-time, so you’re not left in the dark wondering how your process improvements are progressing.

  • CMMC V2.0: Requires you to constantly monitor cybersecurity efforts. Yes, it’s a lot of work, but think of it like a fitness tracker for your organization.

How CMMI V3.0 Can Help: With CMMI V3.0, you can track both your process maturity and your cybersecurity compliance in real time. It’s like having a GPS for your business—except it doesn't just tell you where you’re going, it tells you how fast you’re going, how much fuel you have left, and if you’ve passed the last exit for “Cybersecurity Best Practices.”


8. Integrating Cybersecurity and Risk Management: Because Cybersecurity Isn't Just a "Side Job" Anymore

  • CMMI V2.0 Risk Management: Think of CMMI as the thoughtful planner who sits down and evaluates risks from every angle—so nothing surprises you later.

  • CMMC V2.0 Risk Management: Requires a similar, but more intense, focus on cybersecurity risks—except now you have to be prepared for potential hackers and cyber threats that could derail your entire operation.

How CMMI V3.0 Can Help: With CMMI V3.0, you can bring your cybersecurity risk management into the broader enterprise-wide risk management framework. It’s like upgrading from a bicycle to a rocket ship. You’ll handle cybersecurity risks AND general business risks with the grace of a ballet dancer on roller skates.


Conclusion: CMMI V3.0—Your Ultimate Sidekick for Conquering CMMC V2.0

While CMMI V2.0 has already done wonders for organizations looking to implement CMMC V2.0, the potential of CMMI V3.0 could make the whole process feel less like a battle and more like a well-choreographed dance. With improved tools, real-time monitoring, and integrated frameworks, CMMI V3.0 can help you embrace CMMC compliance with open arms. And, let’s face it, in today’s world of cybersecurity, that’s about as close to superhero status as you’ll get.

So, strap in, folks. The future of CMMC V2.0 and CMMI V3.0 is looking brighter—and much less stressful—than ever before.

Wednesday, June 25, 2025

Are CMMI Appraisals really too expensive?

Are CMMI Appraisals really too expensive?



How NOT to pass a CMMI Appraisal

 I love a good game of “bunchball.”

You’ve seen it: a dozen little Pelés chasing the soccer ball down the field, every one of them trying to score the goal that wins the game. Eventually, one fast kid breaks away, gets a clean shot, and—yippee!—saves the day with the only goal scored. The team wins.

Fun to watch? Absolutely. Championship-level play? Not quite.

Meanwhile, there’s always one kid who hangs back—playing defense, watching the field, covering the goal. Not chasing glory, just playing their role. That kid isn’t flashy, but they’re going places. Why? Because they’re playing the game, not just the moment.


Sound Familiar?

At recent CMMI events, there’s been growing concern that CMMI appraisals are too expensive. Attendees talk about thousands of hours spent preparing, assembling documents, and scrambling to “get ready.” The cost, some argue, far exceeds the benefit.

If that’s really true—yes, we should be concerned.

But it raises an important question: Are these organizations truly operating at the level they’re trying to appraise? Or are they just playing a high-stakes version of bunchball?


Visualizing the Problem

Anyone who knows me knows I love whiteboards. I’m a visual thinker, and I often sketch out problems to get clarity. One of my favorite drawings is a (very rough) cliff scene with two sets of stick figures:

  • One group is clawing their way up the cliff, fingernails barely holding on, shouting:
    “Whooo hoooo! We MADE Level Three!”

  • The other group is already on top of the cliff, lifting barbells, stretching, and quietly saying:
    “We ARE Level Three.”

Now tell me—which appraisal was “too expensive”?


It’s Cheaper to Be Great

Here’s the reality: appraisals only feel expensive when organizations aren’t truly performing at the level they’re aiming for.

If your team is spending months digging up “evidence,” assembling PIIDs, and creating artifacts from scratch just to meet the requirements—you’re not appraisal-ready. Not yet.

That doesn’t mean you’re not doing great work. It just means you haven’t built a systemic approach yet. You’re still chasing the ball around the field.


The Championship Analogy

Let’s imagine a school principal tells a youth soccer coach:

“You must win the league championship before the end of fiscal year 2014.”

The coach might:

  • Hire consultants to teach a few winning techniques from last year

  • Bring in “ringers” to fill key roles like goalie

  • Assign consultants to shadow players and correct every mistake

  • Lobby the league for friendly referees

Sure, they might win a few games. But when the season ends, they’re still just a bunchball team.

Now imagine a wiser coach replies:

“We’re not ready to win the championship yet, but we can have a winning season.”

And then that coach:

  • Trains and practices regularly

  • Teaches kids to play their positions and work as a unit

  • Brings in experts to build skills, not just win trophies

  • Puts players in roles suited to their strengths

  • Gets honest, unbiased feedback from referees

That’s how real champions are built. And it’s the same with organizations pursuing CMMI maturity.


Appraisals Aren’t the Problem—Readiness Is

CMMI is a global benchmark of excellence. If we want  appraisals to mean something, they should be challenging. But they don’t have to be expensive.

If an organization is already operating at Maturity Level 2 or 3, proving it shouldn’t be painful. The cost of the appraisal is reasonable, because the behaviors are already present.

If you’re not quite there yet? Trying to appear ready can cost a fortune—and might still fall short.


“But What About All the Paperwork?”

Good question. Someone at a recent conference asked:

“Don’t document inventories take a huge amount of time?”

They can—but they shouldn’t.

In a well-run ML2 or ML3 organization, work products are well-managed. Strong Configuration and Data Management practices mean artifacts are easy to locate and demonstrate. There’s no need to compile huge inventories from scratch—because the data already exists in good order.

That means fewer headaches. Lower prep time. Lower cost.


The Bottom Line

CMMI appraisals are only expensive when you’re faking it. Not because the model is broken, but because the team isn’t ready.

It’s cheaper to be great than it is to fake it.

Focus on building capability. Develop your team. Play your positions. When you're truly performing at a high level, appraisals become proof—not a burden.

Feel free to leave me a question here or email me at AskMe@broadswordsolutions.com.


Like this blog?  Forward to your nearest engineering or software exec! 
Jeff Dalton is a Certified Lead AppraiserCertified CMMI Instructor, author, and consultant with years of real-world experience with the CMMI in all types of organizations. Jeff has taught thousands of students in CMMI trainings and has received an aggregate satisfaction score of 4.97 out of 5 from his students.


Visit www.broadswordsolutions.com for more information about running a successful CMMI program.
Visit CMMI-TV to see some cool videos about CMMI, Agile, and More

Visit https://askthecmmiappraiser.blogspot.com/ to see the old (V2) Blog (lots of content!)

Monday, June 16, 2025

What does it mean when one of your customers asks you to become CMMI Level 3?

Hi Appraiser,


What does it mean when one of your customers asks you to become CMMI Level 3, or maybe even 

Level 5? What are the differences between these levels?


Thanks for your help! ~Leval Uhp



Great Questions Leval!

Each of these levels has a specific meaning in the world of CMMI (Capability Maturity Model Integration). 

The CMMI model includes anywhere between 19 and 21 practice areas, depending on the domain you 

choose. 


Whether you're at Level 1 or Level 5, all of these practice areas are included. The key difference lies in 

which  practices within each area are adopted and implemented ("practice groups") CMMI is a 

comprehensive framework of best practices organized by Practice Area. 


When we conduct an appraisal, we examine these Practice Areas, and the appropriate Practices within them

that correspond to Practice Group l - 5.

Let's break down each level:

**Level 1: Initial**


At Level 1, the focus is primarily on just getting the work done. There's little emphasis on continuous 

improvement or organizational strategy. I instead, the aim is to accomplish tasks effectively, even though 

practices may not be formalized.


**Level 2: Managed**


By the time an organization reaches Level 2, processes are more structured. Projects start to organize 

themselves from a process standpoint by measuring performance and ensuring process adherence, 

paving the way for continuous improvement within the CMMI framework.


**Level 3: Defined**

Level 3 takes a broader enterprise approach. Organizations at this stage implement processes and metrics

that apply enterprise-wide to ensure consistency and continuity across various projects. The regular 

adoption of continuous improvement techniques becomes a priority for overall company performance 

enhancement.


**Level 4: Quantitatively Managed**

Here, the focus shifts to using data-driven approaches to getting work done. Organizations develop 

statistical process performance models to leverage data and statistics to drive performance improvements.


**Level 5: Optimizing**

At the pinnacle, Level 5, organizations apply quantitative Process Performance Models ("PPMs") across 

selected processes within the product ora service lifecycle.

This level exemplifies a mature use of data and enterprise processes to enhance capabilities and processes

comprehensively.


So, the transition from Level 1 to Level 5 is an evolutionary journey. Starting at Level 1, organizations are 

in the early stages of their continues improvement journey; by Level 5 they are fully mature, leveraging 

data, enterprise metrics, and processes to their fullest potential.


Like this blog?  Forward to your nearest engineering or software exec! 

Jeff Dalton is a Certified Lead AppraiserCertified CMMI Instructor, author, and consultant with years of real-world experience with the CMMI in all types of organizations. Jeff has taught thousands of students in CMMI trainings and has received an aggregate satisfaction score of 4.97 out of 5 from his students.


Visit www.broadswordsolutions.com for more information about running a successful CMMI program.
Visit CMMI-TV to see some cool videos about CMMI, Agile, and More

Visit https://askthecmmiappraiser.blogspot.com/ to see the old (V2) Blog (lots of content!)

Friday, June 13, 2025

What are the goals of a CMMI Course?

Hi Appraiser,
I've always wondered what the core objectives of CMMI training are and how they truly benefit an organization? ~E. Fiscient





Hi E!

At Broadsword, we’ve been cooking up CMMI training for over 20 years — that’s like two decades of making process improvement a tasty dish! 

Our secret sauce? Three succulent goals that’ll keep your learning journey juicy and fun. 

First up: we want you to see CMMI not as a boring checklist (yawn), but as a magical recipe for transforming your company’s culture and behaviors — kind of like turning your office into a productivity smoothie. 

Next, we’ll arm you with enough CMMI know-how to impress even the toughest process nerds, so you can whip up processes that fit the model like a glove — or at least like a really comfy sock. Lastly, we’ll boost your confidence so high that when it’s time for your maturity level assessment (Level 2, 3, 4, or 5 — take your pick!), you’ll be strutting in like a CMMI Rockstar, ready to ace that appraisal without breaking a sweat. 

So why not join us and unlock the secret powers of CMMI? Your company’s transformation adventure awaits!

Like this blog?  Forward to your nearest engineering or software exec! 
Jeff Dalton is a Certified Lead AppraiserCertified CMMI Instructor, author, and consultant with years of real-world experience with the CMMI in all types of organizations. Jeff has taught thousands of students in CMMI trainings and has received an aggregate satisfaction score of 4.97 out of 5 from his students.


Visit www.broadswordsolutions.com for more information about running a successful CMMI program.
Visit CMMI-TV to see some cool videos about CMMI, Agile, and More

Visit https://askthecmmiappraiser.blogspot.com/ to see the old (V2) Blog (lots of content!)

Monday, June 9, 2025

How do you FAIL an appraisal?

Hi Appraiser,


I'm really afraid of failing my company's appraisal. We've been working so hard on it! What are some things to avoid if we're looking to pass our appraisal? ~Ima Frade





Dear Ima,

Helping you out of your predicament here is Darian Poinsetta, the president and CEO of Broadsword Solutions and a certified lead appraiser. He's giving me a little break for blog writing today.  With years of experience helping companies align with CMMI maturity levels, Darian has witnessed firsthand the pitfalls that can take down even the most well-meaning organizations.

The Three Pitfalls to Avoid

1. Misaligned Processes:
A common way organizations set themselves up for failure is by having processes that aren’t aligned with the company's goals. It’s crucial to remember: if your processes aren’t driving your company toward its objectives, they’re essentially useless. Each process should serve the broader purpose of advancing your company’s mission. This is why understanding CMMI Process Areas is essential to aligning your processes correctly.

2. Lack of Senior Leadership Engagement:
Without the active engagement of senior leadership, an appraisal is doomed to struggle. Leaders provide the resources, funding, and training necessary to implement and sustain processes. Their support is vital for any organization aspiring to pass an appraisal, and without it, the path forward becomes significantly more challenging. Senior leadership involvement is integral, and our CMMI Leadership Training can help guide your team through the process.

3. Insufficient Time for Process Adoption:
Lastly, organizations often falter by not allowing their teams enough time to adapt to and utilize new processes. Rushed implementations can result in confusion and inefficiencies. It’s essential to give employees ample time to integrate processes into their daily routines, understand how they work, and identify improvements over time. Process Adoption is a long-term commitment, and understanding its importance can make all the difference.

By steering clear of these pitfalls, organizations can greatly enhance their chances of success and ensure their processes meaningfully contribute to achieving company goals.

Like this blog?  Forward to your nearest engineering or software exec! 
Jeff Dalton is a Certified Lead AppraiserCertified CMMI Instructor, author, and consultant with years of real-world experience with the CMMI in all types of organizations. Jeff has taught thousands of students in CMMI trainings and has received an aggregate satisfaction score of 4.97 out of 5 from his students.


Visit www.broadswordsolutions.com for more information about running a successful CMMI program.
Visit CMMI-TV to see some cool videos about CMMI, Agile, and More

Visit https://askthecmmiappraiser.blogspot.com/ to see the old (V2) Blog (lots of content!)

Friday, June 6, 2025

Does CMMI work with Agile?

 

Bridging CMMI Requirements Development with Agile Practices: Making “Stuff” Happen

Do Agile Teams even use Process?

Many Agile teams studying the Requirements Development and Management (RDM) practices in CMMI ask the same question:
“How is any of this agile?”

It’s true—the model doesn’t prescribe specific techniques, and the language can feel dated or overly formal to Agile teams deep in their day-to-day work. But that doesn't mean it’s not compatible. In fact, with the right translation, the CMMI can significantly strengthen how your team approaches requirements—without abandoning Agile values.

When Process Language Gets in the Way

To borrow a line from Gloria Estefan: "The words get in the way."

CMMI’s terminology—think “product and product component requirements”—might work in a classroom or a textbook, but on an Agile team board? Not so much. In practice, I drop the jargon and meet teams where they are.

Instead of rigid terms, I talk about stuff:

  • The stuff customers say they want (even though it will change).

  • The stuff we build to try to satisfy them (which also changes).

  • The stuff we validate, to make sure it's useful—and fundable.

The challenge is aligning that “stuff” with CMMI RDM practices in a way that feels natural, not forced.


A Three-Tiered Requirements Architecture for Agile Teams

To help Agile teams ground their requirements in real, actionable practices, I often recommend a three-tiered architecture plus a cascading “definition of done” that supports clarity, traceability, and better delivery.

Let’s break it down:


Tier 1: The Product Backlog

The backlog captures customer needs in priority order. In CMMI-speak, this aligns with eliciting and developing customer requirements.

Here’s where estimation often comes into play—especially when customers ask questions like “We’re not sure what we want, but how much will it cost?”

For this, Agile teams can use:

  • Wideband Delphi: A collaborative, experience-based estimation method similar to Agile practices, but focused on effort, not story points.

  • It's a great middle ground for government or large corporate customers still struggling with the concept of relative sizing.


Tier 2: Epics

Epics represent high-level, user-focused narratives—each potentially encompassing multiple user stories.

While often dismissed as just “big stories,” epics are critical for validation. They help teams and stakeholders clarify scenarios before diving into detailed development. They also uncover defects and assumptions early.

Estimation at this tier shifts toward relative sizing, using tools like:

  • The Fibonacci Game or the Team Estimation Game
    (still collaborative, but faster and more intuitive than formal effort estimates)


Tier 3: User Stories

User stories are the most familiar Agile artifact: focused narratives with clear tasks, completed within a sprint.

CMMI's RMN is especially useful here—it can help uncover hidden or missed requirements that aren't typically found in the backlog.

By the time a story reaches this tier, it’s been validated and refined from initial need → epic → story → task. This clarity makes Planning Poker a natural fit for estimation.


Cascading “Definition of Done”: Validating at Every Level

To bring it all together, I recommend teams define a set of tier-specific validation questions. These help ensure that each requirement, whether a backlog item, epic, or story, meets a minimum threshold of clarity and feasibility.

Some examples:

  • Is there a clear narrative for the Epic or User Story?

  • Is the source reliable and validated?

  • Can all stakeholders understand the request?

  • Are test cases defined?

  • Does functionality meet funding and performance requirements?

  • Have we done this before? Do we have the data?

  • Is there significant risk we need to manage?

This creates a “gate” at each level of granularity—backlog, epic, story—helping teams spot ambiguity or risk beforedevelopment begins.

Bonus Tip: Use a “Confidence Matrix”

Teams can also implement a lightweight Confidence Matrix:

  • Mark each validation question as strong or weak.

  • Tally up a Confidence Score per story.

  • Use it as a multiplier or input for risk-based estimation.

Over time, teams can even experiment with weighted scoring for more precision.


CMMI Isn’t Anti-Agile—It Makes Agile Better

These are just a few ways to apply CMMI Requirements Development in an Agile context. When teams use CMMI not as a constraint but as a lens for improvement, it helps them level up—starting from the stuff they’re already doing.

So don’t think of RDM as old-school bureaucracy. Think of it as a toolkit to help you:

  • Clarify what you’re building.

  • Estimate with more confidence.

  • Deliver high-quality stories that matter.

Get your requirements architecture in place first—and then go deeper into CMMI. There’s plenty more gold to mine.

Onward!

Like this blog?  Forward to your nearest engineering or software exec! 
Jeff Dalton is a Certified Lead AppraiserCertified CMMI Instructor, author, and consultant with years of real-world experience with the CMMI in all types of organizations. Jeff has taught thousands of students in CMMI trainings and has received an aggregate satisfaction score of 4.97 out of 5 from his students.


Visit www.broadswordsolutions.com for more information about running a successful CMMI program.
Visit CMMI-TV to see some cool videos about CMMI, Agile, and More

Visit https://askthecmmiappraiser.blogspot.com/ to see the old (V2) Blog (lots of content!)